“BEING RESPONSIBLE STEWARDS OF YOUR DATA IS NOT ONLY REQUIRED BY LAW, IT IS
EMBEDDED IN CENSUS BUREAU CULTURE.”

- U.S. CENSUS BUREAU


The United States Census Bureau will have 400,000+ mobile devices that
will need to be data cleared by July 2020. This is the first time the U.S.
Census Bureau has opted to collect all of the decennial data digitally. The
Bureau will hire up to 500,000 part-time census takers, or enumerators, to
collect data from around the nation and Puerto Rico (Wong, 2019). The
purpose of the enumerators is to "collect responses from households who
have not responded online or by phone" (US Census Bureau, 2020).


To aid the enumerators, the Bureau has awarded CDW-G a $238M
contract for census mobile testing and field operations (Mitchell, 2017).
Each enumerator is issued a mobile device on which they will be able to
receive tasks and work schedules, update their timesheets, and collect data
from each household they visit.


In August 2017, AT&T protested the mobile testing and field operations
contract awarded to CDW-G. AT&T's protest halted CDW-G's contract. AT&T
claimed that the U.S. Census conducted unequal and misleading
discussions when awarding CDW-G the 2020 Census contract. In October
2017, AT&T and CDW-G reached an agreement that would make AT&T a
subcontractor to CDW-G (U.S. Court of Federal Claims, 2017). CDW-G was
able to resume work on its contract and developed dDaaS (Decennial
Device as a Service) (Cordell, 2017). The amount AT&T has been paid by
CDW-G is unclear.





The 2020 U.S. Census mobile testing and field operations will be divided into
4 modalities. The 4 divisions outlined are: Device - Provisioning, Shipping,
Storage, and Disposition (Decennial Census, 2017). In October 2019, Apple,
Inc. announced its partnership with the U.S. Census and revealed that it
had agreed to provide hundreds of thousands of devices to the U.S. Census
for its enumerators to use. Excerpt 1 quotes Apple's CEO Tim Cook during
Apple's Q4 2019 earnings call. Tim Cook also names CDW as Apple's partner
in the 2020 mobile device data collection efforts.


Table 1 shows the mobile device categories that were procured for testing,
and the OS (operating system) types that are likely to be associated. The
information in this table was gathered from preliminary discussions the U.S.
Census had with Westat Inc. (Pickett, 2014). Westat Inc. provided research
data that aided in the procurement of devices for the 2020 Census. A
complete list of mobile test devices and their quantities was not publicly
available to include in the number of mobile devices needing erasure. Based
on data gathered from documents that reference the acquisition of mobile
devices, the number of test devices that have been procured is between
100,000 and 300,000.


The estimated total number of devices needing erasure, based on test
devices and enumerator devices, is around 700,000. A complete list of
mobile test devices and enumerator devices is required to provide the full
scope of work to the U.S. Census in regard to data erasure.


CDW Government, LLC is a reseller of products and solutions. CDW-G is an
authorized reseller of VMware's Mobile Device Management (MDM)
solution, AirWatch. CDW-G offers support for solutions that it resells.
Support includes setup, training, and managed support services. For the U.S.
Census 2020 project, CDW-G opted to equip each capable mobile device
with software from a Mobile Device Management (MDM) system. CDW-G
had a previous agreement with VMware's AirWatch MDM solution, as a
reseller of their services for other clients.


As the primary contractor for the U.S. Census, CDW-G opted not to create a
custom mobile device management system, and instead to use a non-modular
out-of-the-box solution. I have identified vulnerabilities in the way the
AirWatch Mobile Device Management (MDM) system performs a mobile device
erasure and presented my findings to the U.S. Census.


INSUFFICIENTLY PROTECTED CREDENTIALS


Code Block 1


Code Block 1 is the example of forensic extraction shown during the live
demonstration with the Census.


FORENSIC DATA RECOVERY DEMONSTRATION


There was much skepticism before my demonstration. Engineers on the
teleconference from the Census and 1 engineer from Accenture that was
present in the room were determined to explain Apple security theory, and
Apple device erasure theory to me. After about a 25-minute lecture, I
simply said, "No that's not how the security or device erasure works." The
room was silent as though they were expecting me to lecture back, and
support my claim.


After the silence, Mike Fluharty Jr., Principal Director of Security at 
Accenture and others in the room, via teleconference asked to see the 
demonstration in which the Apple iPhone 8 Plus that I had brought with 
me could be erased with AirWatch MDM, and data could still be recovered. 


I had previously set up an AirWatch MDM account specifically for the
purpose of demonstrating to the Census. I navigated to the AirWatch MDM
console on my laptop to show that there were no devices provisioned.
Mike Fluharty then asked for the device to be provisioned with the MDM
profile I had set up. As the device was set up with the MDM profile, the
iPhone 8 Plus was now recognized as being Mobile Device Managed by
AirWatch, and could be visible in the AirWatch web console. I showed
everyone in the room that I was logged in to the MDM on the device, and
also on the web. Mike Fluharty and the Census engineers now asked me to
perform an "Enterprise Wipe." Enterprise Wipe is an option available via
the AirWatch MDM web console.


Once I initiated the Enterprise Wipe, I was no longer signed in to the MDM
service on the iPhone 8 Plus, but the MDM application persisted and was
not uninstalled. I showed everyone in the room that the Enterprise Wipe
was executed, and now it was time for me to recover data.


I ran my forensic tools in the background of my computer, and about 5
minutes later, my algorithm had found all of the data that was supposed to
have been erased, including the URL path to the data stored on the web;
this is shown in Code Block 1, Line 45.


Mike Fluharty validated the data and the code I was showing and agreed
that this should not be accessible. The forensic data I had pulled was shown
to be undeniably a data erasure issue with the AirWatch MDM solution.


I was then asked to perform a deeper layer of data wiping and extract data
from this next layer. I agreed to this, but I requested CDW-G's provisioned
profile, so that I may know what I'm forensically targeting. Without
understanding the datasets I'm looking for, the process of forensic analysis
and recovery can take a long time. Everyone agreed that now was not the
right time to do a deeper data recovery, and the decision to start the
secrecy clearance process was set.


MDM CONFIGURATION PROFILE


The primary function of the MDM Enterprise Wipe is to clear the device of
all content that has been input into the Census iOS application or other
applications approved through the configuration profile. This level of device
erasure is not meant to perform a factory reset, and you will not see the
device reboot and delete all data. The objective is to delete the "secured"
containers which the MDM has set up via a custom configuration profile.





Figure 2 


The MDM configuration profile is essentially the key that determines how 
data is stored, and how data can be removed. The hierarchy in Figure 2 
demonstrates how the configuration profile for CDW-G is structured in 
regard to device erasure.


The Mind Map I have put together serves as a reference for future device
erasure methods.


Please See Annex 1


U.S. Census Bureau Onboarding and Investigation Process - JONATHAN LEE
VILLARREAL


HRD.CIS.Other@census.gov <HRD.CIS.Other@census.gov>
Fri 3/20/2020 7:53 AM


To: Jonathan Villarreal <ext-jonathan.villarreal@blancco.com>
Cc: rebecca.diaz.cartagena@census.gov <rebecca.diaz.cartagena@census.gov>


3 attachments (324 KB)
BC1759.pdf; Fair. Credit, Reporting. Release Form.pdf; Foreign. National Residence History.pdf;


( CHEC ID: V004883934 ) 


Dear Applicant, 
Welcome to the U.S. Census Bureau! 
Congratulations on your selection for a position with the U.S. Census Bureau. 


Your tentative contract employment position with the U.S. Census Bureau depends upon you 
completing the pre-employment security process. Therefore, it is critical that you complete the 
following steps listed below. 


Once the following steps are completed, you may be contacted by an Investigation Analyst of the 
U.S. Census Bureau for additional information if required. 


There are four steps that you must complete for the On-boarding Security Investigation 
Package. 


STEP I: Completed Security Forms Required


Please complete and sign the following security form(s) by typing or writing legibly in black ink 
pen. 


• Special Sworn Status (BC-1759) - Complete Part A. Part B & C must be completed in
front of a Notary Public.

• Declaration for Federal Employment (OF-306) - Answer all questions, then sign and
date on line 17a. https://www.opm.gov/forms/pdf_fill/of0306.pdf

• I-9 Employment Eligibility Verification - This link is only provided to assist you with
providing acceptable forms of Identification - YOU DO NOT NEED TO COMPLETE THIS
FORM https://www.uscis.gov/i-9

• Fair Credit Reporting Act Release Form - Complete form as instructed.

• Resume - Provide a copy of your resume. Please ensure the employers names, employer's
addresses, and your dates of employment are included. Please ensure that any education
information includes the name of the school/college/institution and the address is included.

• Foreign National Residence History Form - Complete form as instructed. (Required for
Foreign Nationals Only)

• Work Authorization Documentation - Provide proof of authorization to legally work in the
United States. If you are providing a copy of your Visa, please ensure you provide a copy of
the page which displays a date stamp of when you first entered the United States.
(Required for Foreign Nationals Only)





STEP II: Training


Complete 2020 Data Stewardship Training by following these instructions. 


You must use a laptop or desktop computer to complete these trainings (the module is not 
optimized for smartphones and tablets). 

Turn off pop-up blockers in your Internet Explorer browser if you use IE. 

You must have access to a printer to print your completion certificate. 

If you close the trainings before completing them, you will need to re-start them. You must 
complete the training and print out and sign your completion certificate. 


Navigate to: https://www.census.gov/main/training/2020/ds/story_html5.html


Read each screen of the course. 

Complete the Knowledge Check questions. Click "submit" as you answer questions. Click 
the Get Your Completion Certificate link. 

Please put your full name as it appears on contracting or federal documents (no 
nicknames). 

Leave COR/Sponsor field blank. 

After printing your completion certificate, close the course. 

Be sure to sign your training certificate. 

Do not fax your certificate. 

Be sure to include your certificate in your onboarding packet.


2020 Title 26 Training 


Complete 2020 Title 26 Training by following these instructions. 


You must use a laptop or desktop computer to complete these trainings (the module is not 
optimized for smartphones and tablets). 

Turn off pop-up blockers in your Internet Explorer browser if you use IE. 

You must have access to a printer to print your completion certificate. 

If you close the trainings before completing them, you will need to re-start them. You must 
complete the training and print out and sign your completion certificate. 


Navigate to: https://census.gov/main/training/2020/title26/story_html5.html


Read each screen of the course.

Complete the Knowledge Check questions. Click "submit" as you answer questions. Click
the Get Your Completion Certificate link.

Please put your full name as it appears on contracting or federal documents (no
nicknames).

Leave COR/Sponsor field blank. 

After printing your completion certificate, close the course. 

Be sure to sign your training certificate. 

Do not fax your certificate. 

Be sure to include your certificate in your onboarding packet. 


STEP III: Fingerprinting


Non-Local Applicants (Applicants 50 Miles Outside of the Washington, DC Area): Please 
provide two fingerprint cards, which can be obtained at your local police station. Mail the cards 
with your completed security package to the address provided below. Please contact Census 
Investigative Services (CIS) at 301-763-4191 if you need fingerprint cards mailed to you. 


Local Applicants (Applicants 50 Miles Inside of the Washington, DC Area): Please contact 
301-763-4191 to schedule an appointment for fingerprinting and to submit a completed security 
package by close of business 03/30/2020.


STEP IV: Security Paperwork Package Submission 





Please be advised that if your complete security package is not received by our office, this 
may suspend the pre-employment security approval process. 


Your completed Security Paperwork Package should include the following items: 


— (2) Fingerprint Cards (As applicable) 

— Two forms of ID (U.S. Passport, Driver's License, etc.) 

— Completed/Signed Special Sworn Status form (BC-1759) (Non-Local Applicants should 
have their form notarized by a Notary Public.) 

— Signed Training Certificates of Completion 

— Signed Declaration for Federal Employment (OF-306) 

— Signed Fair Credit Reporting Act Release Form

— Resume

— Foreign National Residence History Form (As applicable)

— Work Authorization Documentation (As applicable)


Reminder: if you are a United States (U.S.) Citizen born outside of the U.S., submit additional
supporting documentation confirming your citizenship status. If you are not a U.S. Citizen, you
MUST contact CIS at 301-763-4191 BEFORE visiting the U.S. Census Bureau Headquarters in
Suitland, MD.


Please mail the completed package to either address below. If you choose to email your forms
and documents, please ensure they are encrypted and password protected as they contain your
Personal Identifiable Information.


Department of Commerce

U.S. Census Bureau 

Census Investigative Services (CIS) 
4600 Silver Hill Road, Room 2K020 
Washington, DC 20233 

ATTN: KOFAX BRANCH - ROOM 2K020 


Kofax IP Fax (877)611-2010 [fingerprints not accepted via fax] 


Via Overnight Delivery (FedEx, UPS), use the following address: 







Department of Commerce 

U.S. Census Bureau 

Census Investigative Services (CIS) 
4600 Silver Hill Road, Room 2K020 
Suitland, MD 20746 

ATTN: KOFAX BRANCH - ROOM 2K020 


Kofax IP Fax (877)611-2010 [fingerprints not accepted via fax] 

If you encounter any problems during the on-boarding process or have additional questions, you 
are encouraged to contact the CIS office at 301-763-4191. The office hours are Monday through 
Friday from 7:00 AM until 4:30 PM, excluding federal holidays. 

Respectfully, 


Census Investigative Services